SPARROW HOSPITAL AND HEALTH SYSTEM
JOB DESCRIPTION
1. Job Title: Data Security Administrator - Senior
2. Date: May 8, 2001
3. Corresponding Role Statement: Executive Director Manager Supervisor
4. Department #: 8357 Department Name: Data Security Administration
5. Class Code: Pay Grade: .
Status: X Exempt Non-Exempt
7. Reports Directly To (Position): Data Security Manager
8. Purpose of Job:
With limited direction, formulates, defines and implements procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction. Devises or modifies systems or procedures to solve complex problems balancing business needs against potential risks. Interfaces with user community to understand their security needs and implement procedures and technologies to accommodate those needs. Ensures that user community understands and adheres to necessary procedures to maintain security. Conducts accurate evaluation of the level of security required in accordance with Health System policies and federal and state laws. Also acts as a mentor and provides quality assurance review and oversight for the work of other Data Security staff. Acts as project leader for projects with limited duration.
9. Principal Duties and Responsibilities (Consistent With The Role Statement):
a) Participate in the development, communication, and implementation of Information Security Program: assess current compliance, work collaboratively with staff to develop departmental plans, and develop methods to monitor, report and appropriately respond to deviations.
b) Assist in the development and maintenance of disaster recovery/business resumption plans.
c) Work with Information Services staff to incorporate information security requirements into automated applications and technology during system selection and implementation.
d) Routinely monitor and perform periodic audits to ensure production environments maintain necessary controls, integrity and accessibility of data.
e) Participate on selected security incident response team to achieve appropriate, effective and orderly response to specified security incidents.
f) Perform periodic security audits of information applications and technology, analyze vulnerabilities, and develop action plans to mitigate risks.
g) Investigate improper information disclosures or security incidents utilizing defined policies and procedures.
h) Work with appropriate management and technical teams to develop and maintain individual system and departmental disaster recovery plans.
i) Maintain institutional knowledge of the Health System’s constantly growing information security requirements and stay abreast of management and technical advances in information technology and security.
j) Develop and maintain security policies, procedures and guidelines that are in compliance with Sparrow Health System policies and generally accepted information systems control requirements.
k) Conduct recurring information security risk assessments and training programs. Effectively promote security awareness within the Health System.
l) Keep abreast of current and emerging technical information security developments. Research, recommend and implement security tools and measures.
m) Respect and maintain confidentiality of enterprise information including specified security plans and controls.
n) Perform other information system department functions as assigned by the Data Security Administration Manager/Chief Security Officer.
10. Working Conditions:
a) Office and computer room environment.
b) Some travel required.
c) Extensive keyboard usage and exposure to CRT/monitor.
d) Minimal exposure to latex, less than 10%.
11. Positions That Report Directly To This Position:
a) Must develop and maintain effective relationships with technical and departmental staff.
b) Mentors Associate and Intermediate Data Security Administrators and provides leadership and oversight on medium-sized projects with limited duration.
12. Knowledge, Skills, Experience Required (Consistent With The Role Statement):
a) Bachelor’s degree in Computer Science or other related area.
b) Five or more years of related and progressively more responsible or expansive work experience in applying security and privacy principles in a healthcare setting.
c) Certified Information Systems Security Professional or Certified Information Systems Auditor plus a secondary industry-recognized security-related certification (including CISSP, CISA, CCSA, CCSE, SSCP, GCIH, GCIA, GCFA, GSEC I, GSEC II) or industry-recognized technical certification (including CNA, CNE, Master CNE, CDE, MCP, MCSE, ACP, CCP, CCNA, CCNP, CCIE, CCDP, CCDA).
d) Highly organized, with effective time management skills. Direct Project Management experience required.
e) Excellent oral and written communication skills. Ability to plan, design, write, administer and interpret information security policy.
f) Interpersonal skills at a level to function well in a wide range of administrative and management environments and a strong image of professional discipline.
13. Approvals:
Director: Date:
Executive: Date:
Human Resources: Date:
This description is intended to indicate the kinds of activities and levels of work difficulty required for positions with this title and should not be construed as declaring the specific duties and responsibilities of any particular position. The duties described should not be held to exclude other duties not mentioned that are of similar kind or level of difficulty.